Hey there, i cant pick groups in the "bulk edit group members" section.
What i want to achieve, is to have anyone in the 'domain admins' group in active directory automatically become a member of jira-administrators local group.
obviously this could be expanded to include all 'domain users' being members of the lowest level group (jira servicedesk users maybe) so that they can submit requests. I mean thats the next step. however it seems local groups, i have to add them one by one.
I want to minimize how much i have to fiddle with the built in groups and would rather use AD which is already segmented into groups, for assigning user permissions. I am not seeing how to do that. I can assign groups to "roles" and "global permissions" however i wanted to just inherit all the permissions that (for example) jira-administrators already has.
For example, jira administrators is already a member of every group on the global permissions page, but if i wanted to add "domain admins" to every group, i would have to add it manually. Much easier if i could just add "domain admins" to the "jira-administrators" group and have it inherit. Especially since i am not sure where else 'jira-administrator' may have permissions that i really want domain admins to have access to.
In our corp, domain admins only has two users, so i can manually add them as individual users to the 'jira-administrators' group, but for something like 'domain users' has hundreds, and i wont be adding them all manually to any group.
please advise thanks
With SAML and ADFS this can be easily achieved.
ADFS: "Send group memberships as a claim"
Select the group to be sent as an outgoing claim, e.g. domain admins, then outgoing claim value: jira-administrators.
Really the same for domain users -> jira-users.
Cheers,
Lars
sorry do you have some kind of document about this? where is that setting on the backend? I dont see anything about it in user directories.
thanks for your reply.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
This can be achieved with ADFS (and probably other IDP`s as well) and any SAML provider that support group claims.
I work with Kantega Single Sign-on, but there are many vendors to choose from:
https://marketplace.atlassian.com/search?query=saml
-Lars
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Lars,
I have attempted the following:
With SAML and ADFS this can be easily achieved.
ADFS: "Send group memberships as a claim"
Select the group to be sent as an outgoing claim, e.g. domain admins, then outgoing claim value: jira-administrators.
Really the same for domain users -> jira-users.
This does not seem to work. The specified active directory is not mapped to the configured Jira-group and members are not beeing added.
Are you sure this is supported and if so, can you please provide a more detailed instruction?
Thank you in advance.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.